Ubuntu / Debian Linux: Setup An ISC DHCP Server For Your Network

How do I setup a DHCP server for my local area network (LAN) using Debian Linux 6 or Ubuntu Linux server running on my IBM hardware?

The Dynamic Host Configuration Protocol (DHCP) allows clients such as desktop, laptop, and mobile devices to request and obtain an IP address and many other parameters from a server.
Tutorial details
Difficulty level Intermediate
Root privileges Yes
Requirements Debian 6 or Ubuntu
ISC Dhcpd
Est. reading time N/A

ISC’s DHCP server software

ISC’s DHCP software is the most widely used open source DHCP implementation on the Internet. The same software can be used for LAN too. It is a carrier and enterprise grade solution to your host configuration needs.

Installing the DHCP server

Type the following apt-get command as root user to install the DHCP server:
# apt-get install isc-dhcp-server
Sample outputs:

Reading package lists... Done
Building dependency tree       
Reading state information... Done
Suggested packages:
The following NEW packages will be installed:
0 upgraded, 1 newly installed, 0 to remove and 11 not upgraded.
Need to get 0 B/411 kB of archives.
After this operation, 938 kB of additional disk space will be used.
Preconfiguring packages ...
Selecting previously deselected package isc-dhcp-server.
(Reading database ... 281728 files and directories currently installed.)
Unpacking isc-dhcp-server (from .../isc-dhcp-server_4.1.1-P1-15+squeeze8_amd64.deb) ...
Processing triggers for man-db ...
Setting up isc-dhcp-server (4.1.1-P1-15+squeeze8) ...
Generating /etc/default/isc-dhcp-server...
Starting ISC DHCP server: dhcpdcheck syslog for diagnostics. ... failed!
invoke-rc.d: initscript isc-dhcp-server, action "start" failed.

Configure the DHCP server

The configuration file for dhcpd is called /etc/dhcp/dhcpd.conf. The file comes with a number of global configuration options. Type the following command to edit the file:
# vi /etc/dhcp/dhcpd.conf
You must prevent the DHCP server from receiving DNS information from clients, set the following global option (this is a security feature):

ddns-update-style none;

You need to set your domain name and name server:

## Set a domain name for your LAN ##
option domain-name "nixcraft.net.in";
## Set DNS server IP address, you can set to your ISP's dns server too or use Google DNS server##
option domain-name-servers,;

Increase the lease time. The time is set in seconds:

### Set the length in seconds that will be assigned to a lease if the client requesting the lease does not ask for a specific  expiration time.   ##
### This is used for both DHCPv4 and DHCPv6 leases (it is also known as the "valid lifetime" in DHCPv6). ###
default-lease-time 86400;
## Set the maximum length in seconds that will be assigned to a lease ##
max-lease-time 604800;

The authoritative directive should be uncommented:


The authoritative directive indicate that the DHCP server should send DHCPNAK messages to misconfigured clients. If this is not done, clients will be unable to get a correct IP address after changing subnets until their old lease has expired, which could take quite a long time. Finally, update the configuration file with your subnet as follows:

subnet netmask {
        ## dhcp start  and end IP range ##
        option subnet-mask;     ## subnet 
        option broadcast-address; ## broadcast
        option routers; ## router IP


  1. subnet netmask { – The subnet statement is used to provide dhcpd with enough information to tell whether or not an IP address is on that subnet. It may also be used to provide subnet-specific parameters and to specify what addresses may be dynamically allocated to clients booting on that subnet. Such addresses are specified using the range declaration. In this example is the subnet-number and should be an IP address or domain name which resolves to the subnet number of the subnet being described. The netmask should be an IP address or domain name which resolves to the subnet mask of the subnet being described. The subnet number, together with the netmask, are sufficient to determine whether any given IP address is on the specified subnet.
  2. range; – For any subnet on which addresses will be assigned dynamically, there must be at least one range statement. The range statement gives the lowest and highest IP addresses in a range. All IP addresses in the range should be in the subnet in which the range statement is declared. is the starting IP address and is the ending IP address in this pool.
  3. option subnet-mask; – Use this subnet-mask.
  4. option broadcast-address; – Use this broadcast address.
  5. option routers; – Use this gateway address i.e. the address of your router connected to the Internet.

Save and close the file. To check the syntax of dhcpd.conf file for errors, run:
# dhcpd -t
# dhcpd -t /etc/dhcp/dhcpd.conf

How do I start / stop / restart the DHCP server?

Type the following commands:

service isc-dhcp-server start
service isc-dhcp-server stop
service isc-dhcp-server restart
service isc-dhcp-server status

Sample outputs:

Fig.01: Debian Linux: Start / Stop / Restart DHCPD Server Commands

How do I verify that DHCP server UDP port # 67 is opened by dhcpd?

Type any one of the following command
# netstat -tulpn | grep --color "dhcp"
# ps aux | grep --color "[d]hcpd"
# pgrep dhcpd
Sample outputs:

Fig.02: Verify That The DHCPD Server Is Running or Not

Troubleshooting the DHCP server problem

By default the dhcpd will log all output using the syslog function with the log facility set to LOG_DAEMON i.e. /var/log/syslog file:
# tail -f /var/log/syslog
# grep dhcpd /var/log/syslog

You can dump DHCP packets under Linux / UNIX for monitoring or debugging purpose using dhcpdump command as follows:
# dhcpdump -i eth0
OR use old good the tcpdump program:
# tcpdump -lenx -i eth0 -s 1500 port bootps or port bootpc
cd to /var/lib/dhcp directory to see more information about leases that the dhcp server has assigned to clients:
# cd /var/lib/dhcp/
# ls -l
# vi dhcpd.leases
# cat dhcpd.leases
# grep 'something' dhcpd.leases

Securing the DHCP server

Disable the dynamic DNS:

ddns-update-style none;

Set Deny decline messages to avoid DoS attack againest your dhcp server. The client device can send DHCPDECLINE message many times that can exhaust the DHCP server’s pool of IP addresses, causing the DHCP server to forget old address allocations:

deny declines;

Disable support older BOOTP clients:

deny bootp;

You must set valid and correct values for all the following operational directives. If you are not using NIS domain or ntp server, make sure the following options are not defined.

## see dhcpd.conf man page for more info on the directives ##
option domain-name  
option domain-name-servers
option nis-domain
option nis-servers
option ntp-servers
option routers
option time-offset

In most cases you only need domain-name, domain-name-servers, and routers directives and rest should be removed to minimize information served by the dhcp server.

How do I configure iptables to allow access to the DHCP server?

Edit your iptables scripts and add the following lines

## Make sure you use an appropriate network block,  ##
## and network mask, representing the machines on your ## 
## network which should operate as clients of the dhcp serve. ##
## Syntax: ##
## /sbin/iptables -A INPUT -s net/mask -i $LAN_IFACE -p udp --dport 67:68 --sport 67:68 -j ACCEPT ##
## Adjust rules as per your setup ##
/sbin/iptables -A INPUT -s -i eth0 -p tcp --sport 68 --dport 67 -j ACCEPT
/sbin/iptables -A INPUT -s -i eth0 -p udp --sport 68 --dport 67 -j ACCEPT

A slightly different configuration for an internal subnet

The following is a special subnet that allows to pxe network booting using tftpd server at (please note that you need to install and configure tftpd server separately):

subnet netmask {
  ## openbsd pxe boot file ##
  filename "openbsd/pxeboot";
  ## Debian 6 pxe boot file ##
  ## filename "debian6/pxelinux.0";
  ## Freebsd pxe boot file ##
  ## filename "freebsd/pxeboot";
  ## our boot server ##
  option subnet-mask;
  option broadcast-address;
  option routers;

How do I add BOOTP support?

Each BOOTP client must be explicitly declared in the dhcpd.conf file.

## bootp my headless home router ##
host router {
     hardware ethernet 08:00:2b:4c:59:23;
     filename "debian6/pxelinux.0";
Recommend readings:

🐧 Get the latest tutorials on Linux, Open Source & DevOps via RSS feed or Weekly email newsletter.

🐧 17 comments so far... add one

CategoryList of Unix and Linux commands
Disk space analyzersdf duf ncdu pydf
File Managementcat cp mkdir tree
FirewallAlpine Awall CentOS 8 OpenSUSE RHEL 8 Ubuntu 16.04 Ubuntu 18.04 Ubuntu 20.04
Modern utilitiesbat exa
Network UtilitiesNetHogs dig host ip nmap
OpenVPNCentOS 7 CentOS 8 Debian 10 Debian 8/9 Ubuntu 18.04 Ubuntu 20.04
Package Managerapk apt
Processes Managementbg chroot cron disown fg glances gtop jobs killall kill pidof pstree pwdx time vtop
Searchingag grep whereis which
User Informationgroups id lastcomm last lid/libuser-lid logname members users whoami who w
WireGuard VPNAlpine CentOS 8 Debian 10 Firewall Ubuntu 20.04
17 comments… add one
  • Logicos Nov 28, 2012 @ 22:11

    1) “netfilter” can’t stop DHCP requests.
    2) “dig” is the best tools for DNS debugging


  • Jalal Hajigholamali Nov 29, 2012 @ 3:55


    Thanks for very nice article

  • tim Dec 1, 2012 @ 15:12

    nice write up. question, so this is possible even if you already have an existing DHCP server? I want to use this along with TFTP for a PXE test setup.

    • 🐧 nixCraft Dec 1, 2012 @ 20:20

      Yes, you can use this with existing dhcp provided that you can modify the configuration.

  • dave Jan 29, 2013 @ 11:05

    thanks for a very nice article as usual :)
    I have a question: is there a simple dhcpd.leases file parser for cli? At least to get stats about used and free leases..
    I was using dhcpstatus but apache2 started crashing.. dhcpstatus is old now and is web based, which I don’t need.. cli would be fine :)

  • beastie Jan 30, 2013 @ 14:17

    Your iptables rules look incomplete.
    It would be good to mention the /usually/ UDP is used, and this is why you don’t see the TCP part very often. /etc/services says 67/tcp is bootps so I guess it is.

    The first DHCP messages use the addresses and
    Your rules only cover DHCP renewal.

    In addition, I think iptables does not keep state by default, so you need another rule for replies. (I think your rules accepts DHCP reqs, but replies may be blocked depending on your other iptables rules).

  • bekota Apr 22, 2013 @ 14:17

    merci pour le tuto si on veut utiliser le dhcp et le tftp dans un mm serveur comment on fait les configuration

  • Mohammad Jun 5, 2013 @ 10:40

    thanks ?

  • vipzrx Jun 20, 2013 @ 8:51

    range; – For any subnet on which addresses will be assigned dynamically, there must be at least one range statement. The range statement gives the lowest and highest IP addresses in a range. All IP addresses in the range should be in the subnet in which the range statement is declared. is the starting IP address and is the ending IP address in this pool.

    range;——》 range

  • kristijan Jun 21, 2013 @ 12:46

    Tnx, very helpful article !

  • abhay Jun 4, 2014 @ 20:14

    Thx, finally configure my dhcp server.

  • Surfer Oct 31, 2014 @ 15:45

    How do i make if i want to autostart dhcp server at boot time ?

  • ali Nov 26, 2014 @ 4:41


  • happen23 Sep 14, 2015 @ 7:23

    this post helps me a lot!
    I use -t option to test my dhcpd.conf and found “interface name too long” problem
    then I fix that by add link config entry in /etc/network/interfaces
    thank you!

  • Martin Muiru Oct 29, 2015 @ 19:28

    I can’t hide my joy and praises to Vivek Gite. The guy who wrote this article. With very little knowledge in Linux and DHCP I have finally succeeded in doing exactly what I wanted. Thank you very much Vivek Gite! I wish you Almighty God’s Blessings!

  • Andrew Jones Jan 19, 2016 @ 5:21

    After all these years, it seems ISC DHCP Server still doesn’t have a build-in parser for the dhcpd.leases file. Annoying! micro DHCP (a light-weight version built in to busybox) has the “dumpleases” utility. But alas, we are left without.

  • med Jun 15, 2016 @ 0:37

    best one , thaaaanx very very mutch , that was helpfull !

Leave a Reply

Your email address will not be published.

Use HTML <pre>...</pre> for code samples. Still have questions? Post it on our forum